Perhaps the most telling portion of their decision is:
Quality concerns. Popular LLMs are really great at generating plausibly looking, but meaningless content. They are capable of providing good assistance if you are careful enough, but we can't really rely on that. At this point, they pose both the risk of lowering the quality of Gentoo projects, and of requiring an unfair human effort from developers and users to review contributions and detect the mistakes resulting from the use of AI.
The first sentence after the heading is the most notable one to consider, with the rest providing reasoning that is difficult to refute.
There are a number of other issues, such as the ethical and environmental ones. However, this one in isolation...
Popular LLMs are really great at generating plausibly looking, but meaningless content. They are capable of providing good assistance if you are careful enough
I'm struggling to understand this particular angle.
Humans are capable of generating extremely poor code. Improperly supervised LLMs are capable of generating extremely poor code.
How is this an LLM-specific problem?
I believe part of (or perhaps all of) the argument here is that LLMs certainly enable more unqualified contributors to generate larger quantities of low-quality code than they would have been able to otherwise. Which... is true.
But still I'm not sure that LLMs are the problem here? Nobody should be submitting unexpected, large, hard-to-review quantities of code in the first place, LLM-aided or otherwise. It seems to me that LLMs are, at worst, exposing an existing flaw in the governance process of certain projects?
I've been using AI to contribute to LLVM, which has a liberal policy.
The code is of terrible quality and I am at 100+ comments on my latest PR.
That being said, my latest PR is my second-ever to LLVM and is an entire linter check. I am learning far more about compilers at a much faster pace than if I took the "normal route" of tiny bugfixes.
I also try to do review passes on my own code before asking for code review to show I care about quality.
LLMs increase review burden a ton but I would say it can be a fair tradeoff, because I'm learning quicker and can contribute at a level I otherwise couldn't. I feel like I will become a net-positive to the project much earlier than I otherwise would have.
edit: the PR in question is https://github.com/llvm/llvm-project/pull/146970. Unfortunately I've been on vacation and haven't touched it recently.
It's a community's decision whether to accept this tradeoff & I won't submit AI generated code if your project refuses it. I also believe that we can mitigate this tradeoff with strong social norms that a developer is responsible for understanding and explaining their AI-generated code.
How deliciously entitled of you to decide that making other people try to catch ten tons of bullshit because you’re “learning quicker and can contribute at a level you otherwise couldn’t” is a tradeoff you’re happy to accept
If unrepentant garbage that you make others mop up at risk of their own projects’ integrity is the level you aspire to, please stop coding forever.
Go look at the PR man, it's pretty clear that he hasn't just dumped out LLM garbage and has put serious effort and understanding into the problem he's trying to solve.
It seems a little mean to tell him to stop coding forever when his intentions and efforts seem pretty positive for the health of the project.
One of the resolved conversations contains a comment along the lines of "you should warn about incorrect configuration in the constructor, look how it is done in some-other-part-of-code."
This means that he did not put serious effort into understanding what, when, and why others do things in a highly structured project like LLVM. He "wrote" the code and then dumped the "written" code on the community to catch the mistakes.
Have you ever contributed to a very large project like LLVM? I would say clearly not from the comment.
There are pitfalls everywhere. It’s not so small that you can get everything in your head with only a reading. You need to actually engage with the code via contributions to understand it. 100+ comments is not an exceptional amount for early contributions.
Anyway, LLVM is so complex I doubt you can actually vibe-code anything valuable, so there is probably a lot of actual work in the contribution.
There is a reason the community didn't send them packing. Onboarding a newcomer is hard but it pays off.
> It’s not so small that you can get everything in your head with only a reading.
PSP/TSP recommends writing typical mistakes into a list and using it to self-review and fix code before sending it into review.
So, after reading code, one should write down what surprised them and find out why it is so - whether it is a custom of the project or a peculiarity of the code just read.
I actually have such a list for my work. Do you?
> You need to actually engage with the code via contributions to understand it. 100+ comments is not an exceptional amount for early contributions.
No, it is not. Dozens of comments on a PR is an exceptional amount. Early contributions should be small so that one can learn typical customs and mistakes for self review before attempting a big code change.
The PR we are discussing here contains a maintainer's request to remove excessive comments - the PR's author clearly did not clean up his code to match the codebase style before submission.
That is normal for a new contributor. You can't reasonably expect knowledge of all the conventions of the project. There has to be effort to produce something good and not overload the maintainers, I agree, but missing a detail like that is not a sign that such effort is absent here.
Every hobby at some point turns into an exclusive, invitation-only club in order to maintain the quality of each individual's contribution, but then old members start to literally die and they're left wondering why the hobby died too. I feel like most people don't understand that any organization that wants to grow needs to sacrifice quality in order to attract new members.
I didn't make a decision on the tradeoff, the LLVM community did. I also disclosed it in the PR. I also try to mitigate the code review burden by doing as much review as possible on my end & flagging what I don't understand.
If your project has a policy against AI usage I won't submit AI-generated code because I respect your decision.
> I didn't make a decision on the tradeoff, the LLVM community did. I also disclosed it in the PR.
That's not what the GP meant. Just because a community doesn't disallow something doesn't mean it's the right thing to do.
> I also try to mitigate the code review burden by doing as much review as possible on my end
That's great but...
> & flagging what I don't understand.
It's absurd to me that people should commit code they don't understand. That is the problem. Just because you are allowed to commit AI-generated/assisted code does not mean that you should commit code that you don't understand.
The overhead to others of committing code that you don't understand and then asking someone to review it is a lot higher than asking someone for directions first, so that you understand the problem and the code you write.
> If your project has a policy against AI usage I won't submit AI-generated code because I respect your decision.
That's just not the point.
> It's absurd to me that people should commit code they don't understand
The industrywide tsunami of tech debt arising from AI detritus[1] will be interesting to watch. Tech leadership is currently drunk on improved productivity metrics (via lines of code or number of PRs), but I bet velocity will slow down and products will become more brittle due to extraneous AI-generated code, with a lag, so it won't be immediately apparent. Only teams with rigorous reviews will fare well in the long term, but may be punished in the short term for "not being as productive" as others.
1. From personal observation: when I'm in a hurry, I accept code that does more than is necessary to meet the requirements, or is merely not succinct. Whereas pre-AI, less code would be merged with a "TBD" tacked on.
I agree with this. The reason I wrote the PR is because AI keeps using `int` in my codebase when our coding guidelines suggest `size_t`, `uint32_t`, or something else modern.
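For readers unfamiliar with the pattern being described, here is a minimal hypothetical illustration (not code from the PR, and not LLVM's actual guideline text) of the kind of thing such a check would flag:

```cpp
#include <cstddef>
#include <vector>

// Hypothetical example: the LLM-suggested form uses `int` as an index.
int sumBefore(const std::vector<int>& values) {
    int total = 0;
    for (int i = 0; i < values.size(); ++i)  // signed/unsigned comparison;
        total += values[i];                  // `int` can overflow for huge containers
    return total;
}

// What a modernize-style check would prefer: an unsigned size type
// (or simply a range-based for loop).
int sumAfter(const std::vector<int>& values) {
    int total = 0;
    for (std::size_t i = 0; i < values.size(); ++i)
        total += values[i];
    return total;
}
```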
Where did you disclose it?
Only after getting reviews so it is hidden by default: https://github.com/llvm/llvm-project/pull/146970#issuecommen...
Disclosing that you used AI three days after making the PR, after 4 people had already commented on your code, doesn't sit right with me. That's the kind of thing that should be disclosed in the original PR message. Especially so if you are not confident in the generated code.
Sounds like a junior vibe coder with no understanding of software development trying to boost their CV. Or at least I hope that's the case.
I graduated literally 3 months ago so that's my skill level.
I also have no idea what the social norms are for AI. I posted the comment after a friend on Discord said I should disclose my use of AI.
The underlying purpose of the PR is ironically because Cline and Copilot keep trying to use `int` when modern C++ coding standards suggest `size_t` (or something similar).
Your final sentence moved me. Moved to flagging the post, that is.
That's no different to onboarding any new contributor. I cringe at the code I put out when I was 18.
On top of all that, every open source project has a gray hair problem.
Telling people excited about a new tech to never contribute makes sure that all projects turn into templeOS when the lead maintainer moves on.
Unrelated to my other point, I absolutely get wanting to lower barriers, but let’s not forget that templeOS was the religious vanity project of someone who could have had a lot to teach us if not for mental health issues that were extant early enough in the roots of the project as to poison the well of knowledge to be found there. And he didn’t just “move on,” he died.
While I legitimately do find templeOS to be a fascinating project, I don’t think there was anything to learn from it at a computer science level other than “oh look, an opinionated 64-bit operating environment that feels like classical computing and had a couple novel ideas”
I respect that instances like it are demonstrably few and far between, but don’t entertain its legacy far beyond that.
> While I legitimately do find templeOS to be a fascinating project, I don’t think there was anything to learn from it at a computer science level other than “oh look, an opinionated 64-bit operating environment that feels like classical computing and had a couple novel ideas”
I disagree, actually.
I think that his approach has a lot to teach aspiring architects of impossibly large and complex systems, such as "create a suitable language for your use-case if one does not exist. It need not be a whole new language, just a variation of an existing one that smooths out all the rough edges specific to your complex software".
His approach demonstrated very large gains in an unusually complicated product. I can point to projects written in modern languages that come nowhere close to being as high-velocity as his, because his approach was fine-tuned to the use-case of "high-velocity while including only the bare necessities of safety."
Onboarding a new contributor implies you’re investing time into someone you’re confident will pay off over the long run as an asset to the project. Reviewing LLM slop doesn’t grant any of that; you’re just plugging thumbs into cracks in the glass until the slop-generating contributor gets bored or feels like they got what they wanted, and then moves on to another project.
I accept that some projects allow this, and if they invite it, I guess I can’t say anything other than “good luck,” but to me it feels like long odds that any one contributor who starts out eager to make others wade through enough code to generate that many comments purely as a one-sided learning exercise will continue to remain invested in this project to the point where I feel glad to have invested in this particular pedagogy.
> Onboarding a new contributor implies you’re investing time into someone you’re confident will pay off over the long run as an asset to the project.
No you don't. And if you're that entitled to people's time you will simply get no new contributors.
I’ll grant you that, but at least a new contributor who actually writes the code they contribute has offered some level of reciprocity with respect to the time it takes to review their contributions.
Trying to understand a problem and taking some time to work out a solution proves that you’re actually trying to learn and be helpful, even if you’re green. Using an LLM to generate a nearly-thousand-line PR and yeeting it at the maintainers with a note that says “I don’t really know what this does” feels less hopeful.
I feel like a better use of an LLM would be to use it for guidance on where to look when trying to see how pieces fit together, or maybe get some understanding of what something is doing, and then by one’s own efforts actually construct the solution. Then, even if one only has a partial implementation, it would feel much more reasonable to open a WIP PR and say “is this on the right track?”
I think the project and reviewers are both perfectly capable of making their own decisions about the best use of their own time. No need to act like a dick to someone willing to own up to their own behavior.
Well, some people just operate under the "some of you may die, but it's a sacrifice I am willing to make" principle...
IMO that is not your call to make, it is the reviewers' call to make. It is the reviewers' resources you are spending to learn more quickly. You are consuming a “free” resource for personal gain because you feel that it is justified in your particular case. It would likely not scale, and would grind many projects to a halt, at least temporarily, if this were done at scale.
The decision is made by llvm: https://llvm.org/docs/FAQ.html#id4
I would interpret this as similar to being able to take paper napkins or straws at a restaurant. You may be welcome to take napkins, but if you go around taking all the napkins from every dispenser you'll likely be kicked out and possibly they'll start keeping the napkins behind the counter in the future. Similarly if people start treating "you can contribute AI code to LLVM" as "feel free to submit nonsense you don't understand", I would not be surprised to see LLVM change its stance on the matter.
> I've been using AI to contribute to LLVM, which has a liberal policy.
This is a different decision made by the LLVM project than the one made by Gentoo, which is neither right nor wrong IMHO.
> The code is of terrible quality and I am at 100+ comments on my latest PR.
This may be part of the justification of the published Gentoo policy. I am not a maintainer of same so cannot say for certain. I can say it is implied within their policy:
At this point, they pose both the risk of lowering the quality of Gentoo projects, and of requiring an unfair human effort from developers and users to review contributions ...
> LLMs increase review burden a ton ...
Hence the Gentoo policy.
> ... but I would say it can be a fair tradeoff, because I'm learning quicker and can contribute at a level I otherwise couldn't.
I get it. I really do.
I would also ask - of the requested changes reviewers have made, what percentage are due to LLM generated changes? If more than zero, does this corroborate the Gentoo policy position of:
Popular LLMs are really great at generating plausibly looking, but meaningless content.
If "erroneous" or "invalid" were the adjective used instead of "meaningless"?
I'm a bit later in my career and I've been involved with modern machine learning for a long time which probably affects my views on this, but I can definitely relate to aspects of it.
I think there are a couple of good signals in what you've said but also some stuff (at least by implication/phrasing) that I would be mindful of.
The reason why I think your head is fundamentally in a good place is that you seem to be shooting for an outcome where already high effort stays high, and with the assistance of the tools your ambition can increase. That's very much my aspiration with it, and I think that's been the play for motivated hackers forever: become as capable as possible as quickly as possible by using every effort and resource. Certainly in my lifetime I've seen things like widely distributed source code in the 90s, Google a little later, StackOverflow indexed by Google, the mega-grep when I did the FAANG thing, and now the language models. They're all related (and I think less impressive/concerning to people who remember pre-SEO Google, that was up there with any LLM on "magic box with reasonable code").
But we all have to self-police on this because with any source of code we don't understand, the abstraction almost always leaks, and it's a slippery slope: you get a little tired or busy or lazy, it slips a bit, next thing you know the diff or project or system is jeopardized, and you're throwing long shots that compound.
I'm sure the reviewers can make their own call about whether you're in an ok place in terms of whether you're making a sincere effort or if you've slipped into the low-integrity zone (LLVM people are serious people), just be mindful that if you want the most out of it and to be welcome on projects and teams generally, you have to keep the gap between ability and scope in a band: pushing hard enough to need the tools and reviewers generous with their time is good, it's how you improve, but go too far and everyone loses because you stop learning and they could have prompted the bot themselves.
This is exciting. Thanks for raising the point. I've posted https://discourse.llvm.org/t/our-ai-policy-vs-code-of-conduc... to see what other people think of this. Thank you for your commit, and especially for not mentioning in the review that it's AI-generated code that you don't understand, as it makes my point rather more forcefully than otherwise.
Ahhahaha what the fuck. This is what software development has become? Using an LLM to generate code that not only do you not understand, but most likely isn’t even correct, and then shoehorn the responsibility of ensuring it doesn’t break anything onto the reviewer? lol wow
As a former LLVM developer and reviewer, I want to say:
1. Good for you.
2. Ignore the haters in the comments.
> my latest PR is my second-ever to LLVM and is an entire linter check.
That is so awesome.
> The code is of terrible quality and I am at 100+ comments on my latest PR.
The LLVM reviewers are big kids. They know how to ignore a PR if they don't want to review it. Don't feel bad about wasting people's time. They'll let you know.
You might be surprised how many PRs even pre-LLMs had 100+ comments. There's a lot to learn. You clearly want to learn, so you'll get there and will soon be offering a net-positive contribution to this community (or the next one you join), if you aren't already.
Wait and see, then change the policy based on what actually happens.
I sort of doubt that all of a sudden there's going to be tons of people wanting to make complex AI contributions to LLVM, but if there are just ban them at that point.
It’s just what every other tech bro on here wants to believe, that using LLM code is somehow less pure than using free-range-organic human written code.
Every time I encounter these kinds of policies, I can't help but wonder how they would be enforced: the people who are considerate enough to abide by them are the ones who would have "cared" about code quality and such in the first place, so the policy is a moot point for them. OTOH, the people who recklessly spam "contributions" generated from LLMs are, by their very nature, very unlikely to respect these policies. For me it's like telling bullies not to bully.
By the way, I'm in no way against these kinds of policies: I've seen what happened to curl, and I think it's fully within their rights to outright ban any usage of LLMs. I'm just concerned about the enforceability of these policies.
If nothing else, it gives maintainers a sign to point to when closing PRs with prejudice, and that's not nothing. Bad faith contributors will still likely complain when their PRs are closed, and having an obviously applicable policy to cite makes it harder for them to keep complaining without getting banned outright.
I think it's a discouragement more than an enforcement --- a "we will know if you submit AI-generated code, so don't bother trying." Maybe those who do know how to use LLMs really well can submit code that they fully understand and can explain the reasoning of, in which case the point is moot.
> I can't help but wonder how these policies would be enforced
One of the parties that decided on Gentoo's policy effectively said the same thing. If I get what you're really asking... the reality is, there's no way for them to know if an LLM tool was used internally; it's an honor system. But enforcement just means banning the contributor if they become a problem. They've banned or otherwise restricted other contributors in the past for being disruptive or spamming low-quality contributions.
It's worded the way it is because most of the parties understand this isn't going away and might get revisited eventually. At least one of them hardline opposes LLM contributions in any form and probably won't change their mind.
I see. So if I'm understanding correctly, then this policy serves as a kind of "legal ground" from which the maintainers can take action against perpetrators, right?
To add a bit more context, when I was writing the original comment, I was mainly thinking of first-time contributors that don't have any track records, and how the policy would work against them.
If someone uses an LLM to help them write good code that is indistinguishable from human written code, you are right, it's not enforceable. And that's what most people that are using LLMs should be doing.
Unfortunately sometimes it is possible to tell the difference between human and LLM generated code (slop). Policies like this just make it clear and easy to outright reject them.
We do tell bullies not to bully, and then hopefully when they are caught, they are punished. It’s not a perfect system, but better than just ignoring that bullying happens.
What happened to curl?
The comment is referring to how the curl project is being overwhelmed by low-quality bug/vulnerability reports generated (or partially generated) by AI (“AI slop”), so much so that curl maintainers are now banning reporters who submit such reports and demanding disclosure, because these sloppy reports cost a lot of time and drain the team.
It's often quite easy to distinguish LLM-generated low-effort slop and it's far easier to point to the established policy than to explain why the PR is a complete garbage. On Github it's even easier to detect by inspecting the author's contribution history (and if it's private it's an automatic red flag).
Of course, if someone has used LLM during development as a helper tool and done the necessary work of properly reviewing and fixing the generated code, then it can be borderline impossible to detect, but such PRs are much less problematic.
You cannot prevent cheating with other policies like the Developer Certificate of Origin either. Yet no one brought up the potential cheating at the time these policies were discussed.
Several projects have rejected "AI" policies using your argument even though those projects themselves have contributor agreements or similar.
This inconsistency makes it likely that the cheating argument, when only used for "AI" contributions, is a pretext and these projects are forced to use or promote "AI" for a number of reasons.
To me the point is that I want to see effort from a person asking me to review their PR. If it's obvious LLM generated bullshit, I outright ignore it. If they put in the time and effort to mold the LLM output so that it's high quality and they actually understand what they're putting in the PR (meaning they probably replace 99% of the output), then good, that's the point
This might get me in trouble, but with all the negativity I’m seeing here I’ve got to ask.
Why do you care? Their sandbox their rules, and if you care because you want to contribute you’re still free to do so. Unless you’re an LLM I guess, but the rest of us should have no problem.
The negativity just seems overblown. More power to them, and if this was a bad call they’ll revisit it.
Let's stop bullshitting: nobody here was going to contribute to Gentoo and is now put off because of this policy change.
What we're looking at is mostly JavaScript monkeys who feel personally offended because they're unable to differentiate criticism of their tools from criticism of their own personal character.
It isn't though. This is just noise. It's a good conversation thread for HN, but it has absolutely zero influence on Gentoo policy.
The only way it'll be revisited is if active Gentoo developers and/or contributors really start to push with a justification to get it changed and they agree to revisit discussing it again. I can tell you every maintainer has heard the line: 'I would have contributed if you did X thing'.
Not speaking for everyone but to me the problem is the normalization of bad behavior.
Some people in this thread are already interpreting policies that allow contributions of AI-generated code to mean it's OK to not understand the code they write and to offload that work to the reviewers.
If you have ever had to review code that an author doesn't understand or written code that you don't understand for others to review, you should know how bad it is even without an LLM.
> Why do you care? Their sandbox their rules...
* What if it's a piece of software or dependency that I use and support? That affects me.
* What if I have to work with these people in these community? That affects me.
* What if I happen to have to mentor new software engineers who were conditioned to think that bad practices are OK? That affects me.
>Why do you care? Their sandbox their rules, and if you care because you want to contribute you’re still free to do so. Unless you’re an LLM I guess, but the rest of us should have no problem.
Exactly this. It's their decision to make; their consequences as well.
Then again, I would have bet $1000 that Gentoo disappeared 15 years ago. Probably around 2009? I legitimately haven't even heard about them in at least that long.
So rejecting contributions from whoever might even still be around seems like a bad decision.
I like the idea of Gentoo, and I've considered switching back to it. I won't now, as I don't see a future for it if this is the attitude they take towards new technologies.
This seems like the kind of thing you'd want from a distro. Would you be happy if your doctor just started giving you new drugs because they're "new technology"? Or would you prefer it to go through rigorous rounds of testing and evaluation to figure out the potential problems?
I certainly hope my medical team is using AI tools, as they have been repeatedly demonstrated to be more accurate than doctors.
Only downside is my last psychiatrist dropped me as a patient when he left his practice to start an AI company providing regulatory compliance for, essentially, Dr. ChatGPT.
> I certainly hope my medical team is using AI tools, as they have been repeatedly demonstrated to be more accurate than doctors.
AI is not a new tool - transformer-based LLMs are. Which is what this post is about.
The latter are well known to be a LOT LESS accurate, and are still very prone to hallucinating. This is just a fact. For your health, I hope no one on your medical team is using the current generation for anything other than casual questions.
I'm not an opponent, and I don't think straight up banning LLM-generated code commits is the right thing, but I can understand their stance.
There was a time that I used Gentoo, and I may again one day, but for the past N years I’ve not had time to compile everything from source. And compiling from source gives a false sense of security, since you still don’t know what’s been compromised (it could be the compiler, etc.), and few have the time or expertise to adequately review all of the code.
It can be a waste of energy and time to compile everything from source for standard hardware.
But, when I’m retired, maybe I’ll use it again just for the heck of it. And I’m glad that Gentoo exists.
At least when I used Gentoo, the point of compiling from source was more about customization than security. I remember having to set so many different options. It was quite granular. Now I just compile certain things from scratch and modify them as needed rather than having an entire system like Gentoo do that, but I do see the appeal to some people.
This is exactly why I use it where I use it - on my servers. I don’t need to compile X or X support for programs that could have it, because they’re headless.
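For anyone who hasn't used Gentoo, a minimal sketch of what that kind of customization looks like in practice (the flag set below is illustrative only; the right set depends on your profile and packages):

```
# /etc/portage/make.conf (excerpt) - illustrative, not a recommended set
# Disable X/GUI support globally on a headless server
USE="-X -gtk -qt5 -qt6 -wayland -gnome -kde"

# Per-package exceptions go in /etc/portage/package.use, e.g.:
#   media-video/ffmpeg -X vaapi
```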
I feel like most Gentoo folks probably moved over to Nix/NixOS.
The security argument for recompiling from source is addressed by the input addressed (sic) package cache. The customization aspect is mostly covered by Nix package overrides and overlays. You can also setup your own package cache.
I haven't. The Nix language makes no sense to me and there is still nothing akin to useflags. I don't want to override a bunch of packages just to make my system not pull in (e.g.) UI libraries.
Granted, I wasn’t into Arch at the time, but in the mid-aughts, Gentoo’s forums were a massively useful resource for Linux knowledge in general. That’s why I used it, anyway. The joy of getting an obscure sound card (Chaintech AV-710) to work in Linux, and sharing that knowledge with others, was enough.
To be fair, none of their 3 objections is exclusive to AI; each can be levied against human contributions as well.
Any contributor, whether using AI openly or covertly, should be judged by the earned merit of their contribution history.
Yes, I know there are still holdouts that really do not use AI, but that number is shrinking rapidly. A no-AI policy, when strictly enforced (how?), would probably just lead to project EoL.
I wonder how they would enforce it. If they let a pure LLM commit into their codebase and there are then a lot of other commits that depend on it, would they remove it and try to submit another commit to replace it, or just let it be?
Maybe we’ll see a (new) distro with AI assisted maintainers. That would be an interesting experiment.
Unfortunately one caveat would be it will be difficult to separate the maintainers from the financial incentives, so it won’t be a fair comparison. (e.g. the labs funding full time maintainers with salaries and donations that other distros can only dream of)
It is interesting that so many people are upset about this policy. If "AI" actually worked, you could plagiarize the whole of Gentoo in one hour.
But no, you always have to infiltrate and harass existing projects, because without the actual human developers your poor "AI" "contributions" are nothing.
There are reasonable ethical concerns one may have with AI (around data center impacts on communities, and the labor used to SFT and RLHF them), but these aren't:
> Commercial AI projects are frequently indulging in blatant copyright violations to train their models.
I thought we (FOSS) were anti copyright?
> Their operations are causing concerns about the huge use of energy and water.
This is massively overblown. If they'd specifically said that their concerns were around the concentrated impact of energy and water usage on specific communities, fine, but then you'd have to have ethical concerns about a lot of other tech including video streaming; but the overall energy and water usage of AI contributed to by the actual individual use of AI to, for instance, generate a PR, is completely negligible on the scale of tech products.
> The advertising and use of AI models has caused a significant harm to employees and reduction of service quality.
Is this talking about automation? You know what else automated employees and can often reduce service quality? Software.
> LLMs have been empowering all kinds of spam and scam efforts.
I get why water use is the sort of nonsense that spreads around mainstream social media, but it baffles me how a whole council of nerds would pass a vote on a policy that includes that line.
Being ideologically motivated is not necessarily bad (understanding ideology as a worldview associated with a set of values and priorities). FOSS as a whole is deeply ideologically motivated from its origins. The issue is that there seems to have been a change in the nature of the ideology, leading to some amount of conflict between the older and newer guard.
>> Commercial AI projects are frequently indulging in blatant copyright violations to train their models.
> I thought we (FOSS) were anti copyright?
Absolutely not! Every major FOSS license has copyright as its enforcement method -- "if you don't do X (share code with customers, etc depending on license) you lose the right to copy the code"
>> Commercial AI projects are frequently indulging in blatant copyright violations to train their models.
> I thought we (FOSS) were anti copyright?
No free and open source software (FOSS) distribution model is "anti-copyright." Quite to the contrary, FOSS licenses are well defined[0] and either address copyright directly or rely on copyright being retained by the original author.
FOSS still has to exist within the rules of the system the planet operates under. You can't just say "I downloaded that movie, but I'm a Linux user so I don't believe in copyright" and get away with it
>the overall energy and water usage of AI contributed to by the actual individual use of AI to, for instance, generate a PR, is completely negligible on the scale of tech products.
[citation needed]
>Is this talking about automation? You know what else automated employees and can often reduce service quality? Software.
Disingenuous strawman. Tech CEO's and the like have been exuberant at the idea that "AI" will replace human labor. The entire end-goal of companies like OpenAI is to create a "super-intelligence" that will then generate a return. By definition the AI would be performing labor (services) for capital, outcompeting humans to do so. Unless OpenAI wants it to just hack every bank account on Earth and transfer it all to them instead? Or something equally farcical
> the overall energy and water usage of AI contributed to by the actual individual use of AI to, for instance, generate a PR, is completely negligible on the scale of tech products.
10 GPT prompts take the same energy as a wifi router operating for 30 minutes.
If Gentoo were so concerned for the environment, they would get more mileage from forbidding PRs from people who took a 10-hour flight. These flights, per person, emit as much carbon as a million prompts.
Interestingly --- while I doubt it would make a difference to the decision Gentoo in particular would make --- the cost/benefit of LLMs for coding changed sharply just a month or two after this, when the first iteration of foundation models tuned for effective agents came out. People forget that effective coding agents are just a few months old; the first research preview release of Claude Code was this past February.
Do they? I'm referring to something specific. While I happen to think LLM coding agents are pretty great, my point didn't depend on you thinking that, only on a recognition of the fact that the capabilities of these systems sharply changed very shortly after they published this --- in a very specific, noticeable way.
Marketing people say this every month, but that doesn't mean there haven't also been actual step-changes in AI-assisted coding in the last year.
The policy is dated to 2024-04-14. After they approved this, there were all of these releases that were all pretty dramatic advancements for coding: 3.5 Sonnet (for taste + agentic coding), o1-preview (for reasoning), Claude Code (for developer experience), o3 (for debugging), Claude 4 Opus (for reliability), and now GPT-5 Pro (for code review).
We have advanced from AI that can unreliably help you look up documentation for tools like matplotlib, to AI tools that can write and review large complex programs in the last year alone. Sure, these tools still have a lot of deficiencies. But that doesn't negate the fact that the change in AI for coding in the last year has been dramatic.
> Ethical concerns. The business side of AI boom is creating serious ethical concerns. Among them:
> Commercial AI projects are frequently indulging in blatant copyright violations to train their models.
> Their operations are causing concerns about the huge use of energy and water.
> The advertising and use of AI models has caused a significant harm to employees and reduction of service quality.
> LLMs have been empowering all kinds of spam and scam efforts.
Highly disingenuous. First, AI being trained on copyrighted data is considered fair use because it transforms the underlying data rather than distributing it as-is. Though I have to agree that this is relatively the strongest ethical claim against using AI, it stands weak when looked at as a whole.
The fact that they mentioned "energy and water use" should tell you that they are really looking for reasons to disparage AI. AI doesn't use any more water or energy than any other tool. An hour of Netflix uses the same energy as more than 100 GPT questions. A single 10-hour flight (per person*) emits as much as around 100k GPT prompts.
It is strange that one would repeat the same nonsense about AI without the primary motive being ideological.
"The advertising and use of AI models has caused a significant harm to employees and reduction of service quality." this is just a shoddy opinion at this point.
To be clear - I understand why they might ban AI for code submissions. It reduces the barrier significantly and increases the noise. But the reasoning is motivated from a wrong place.
> AI being trained on copyrighted data is considered fair use because it transforms the underlying data rather than distribute it as is.
It's not a binary. Sometimes it fully reproduces works in violation of copyright, and other times it modifies them just enough to avoid claims against its output. Using AI and just _assuming_ it will never lead you to a copyright violation is foolish.
> uses same energy as more than 100 GPT questions.
Are you including training costs or just query costs?
> But the reasoning is motivated from a wrong place.
That does not matter. What matters is if the outcome is improved in the way they predict. This is actually measurable.
>That does not matter. What matters is if the outcome is improved in the way they predict. This is actually measurable.
Ok lets discuss facts.
>It's not a binary. Sometimes it fully reproduces works in violation of copyright and other times it modifies it just enough to avoid claims against it's output. Using AI and just _assuming_ it would never lead you to a copyright violation is foolish.
In the Anthropic case the judge ruled that AI training is transformative. It is not binary, as you said, but I'm criticising what appears as binary in the original policy. When the court ruling itself has shown that it is not a violation of copyright, it is reasonable to criticise it now, although I acknowledge the post was written before the ruling.
>Are you including training costs or just query costs?
The training costs are very, very small because they are amortised over all the queries. I think training accounts for around 0.001% to 0.1% of each query, depending on how many training runs are done over a year.
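To see how the amortisation argument works, with made-up round numbers purely for illustration: if a training run cost 10 GWh and the resulting model served 100 billion queries over its lifetime, the training share would be 1e10 Wh / 1e11 queries = 0.1 Wh per query, a small addition on top of whatever each inference itself consumes. The real ratio depends entirely on the actual training cost and query volume, which is why the cited percentage range is so wide.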
On copyright, it's worth noting that Gentoo has a substantial user base outside the USA (maybe primarily - see [0]) for whom the Anthropic judgment you mention probably doesn't mean much.
Fair point but I would think EU would be all up on this. This is right up their alley and clearly an easy way to justify more regulations and slow down AI. Why hasn’t anything come out of it?
The idea that models are transformative is debatable. Works with copyright are the thing that imbues the model with value. If that statement isn’t true, then they can just exclude those works and nothing is lost, right?
Also, half the problem isn’t distribution, it’s how those works were acquired. Even if you suppose models are transformative, you can’t just download stuff from piratebay. Buy copies, scan them, rip them, etc.
It’s super not cool that billion dollar vc companies can just do that.
> In Monday's order, Senior U.S. District Judge William Alsup supported Anthropic's argument, stating the company's use of books by the plaintiffs to train their AI model was acceptable.
"The training use was a fair use," he wrote. "The use of the books at issue to train Claude and its precursors was exceedingly transformative."
I agree it is debatable but it is not so cut and clear that it is _not_ transformative when a judge has ruled that it is.
> The idea that models are transformative is debatable. Works with copyright are the thing that imbues the model with value. If that statement isn’t true, then they can just exclude those works and nothing is lost, right?
I don't follow.
For one, all works have a copyright status I believe (under US jurisdiction; this of course differs per jurisdiction, although there are international IP laws), some are just extremely permissive. Models rely on a wide range of works, some with permissive, some with restrictive licensing. I'd imagine Wikipedia and StackOverflow are pretty important resources for these models for example, and both are licensed under CC BY-SA 4.0, a permissive license.
Second, despite your claim thus being false, dropping restrictively copyrighted works would of course make a dent, I'm pretty sure, although how much I'm not sure. I don't see why this would be a surprise: restrictively licensed works do contribute value, but not all of the value. So their removal would take away some of the value, but not all of it. It's not binary.
And finally, I'm not sure these aspects solely or even primarily determine whether these models are legally transformative. But then I'm also not a lawyer, and the law is a moving target, so what do I know. I'd imagine it's less legal transformativeness and more colloquial transformativeness you're concerned about anyhow, but then these are not necessarily the best aspects to interrogate either.
> AI doesn't use any more water or energy than any other tool. An hour of Netflix uses same energy as more than 100 GPT questions. A single 10 hour flight (per person*) emits as much as around 100k GPT prompts. It is strange that one would repeat the same nonsense about AI without primary motive being ideological.
We should stop doing those things too. I'm still surprised that so many people are flying.
That's quite a strawman definition of "copyright infringement" especially given the ongoing Anthropic lawsuit
It's not a question of if feeding all the worlds books into a blender and eating the resulting slurry paste is copyright infringement. It's that they stole the books in the first place by getting them from piracy websites
If they'd purchased every book ever written, scanned them in and fed that into the model? That would be perfectly legal
That’s what happened; the initial piracy was an issue, but those models were never released, and the models that were released were trained on copyrighted works they purchased.
> Highly disingenuous. First, AI being trained on copyrighted data is considered fair use because it transforms the underlying data rather than distribute it as is.
Your legal argument aside, they downloaded torrents and trained their AI on them. You can't get much more blatant than that.
Yes but that was one company and it is not core to their infra or product. So I don’t know how one can characterize AI fundamentally to be unethical because one company pirated some books
Posted April 2024. I wonder how they feel about this now. Or will next year. Claude Code wouldn’t exist for another year when this was posted. Nevermind Codex. It’s already awkward. Within 12 months it will be cringeworthy.
I don't understand this anti-AI stance. Either the code works and is useful, and it should be accepted, or it doesn't work and it should be rejected. Does it really matter who wrote it?
The code is only a projection of someone's mental model, which is what actually allows the project to succeed, especially in the long term.
That's why codebases die when they lose maintainers and forks often don't make it past the first few months.
LLM-generated code might work, but it's not backed by anyone's mental model. And the industry has had a long running term for code which is there but no-one understands it nor the reason behind it: legacy code.
LLMs give idiots the power to effectively DDoS repos with useless slop PRs that they have to expend the time and effort to triage and ignore. Like the curl maintainers have said, the review burden of looking at mountains of AI-generated crap is horrifically time consuming.
This is a prime example of poor AI policy. It doesn't define what AI is – is using Google translate in order to engage on their mailing lists allowed? Is using Intellisense-like tools that we've had for decades allowed? The rationale is also poor, citing concerns that can be applied far more widely than just LLMs. The ethical concerns are pretty hand-wavy, I'm pretty sure email is used to empower spam and yet I suspect Gentoo have no problem using email.
The end result is not necessarily a bad one, and I think reasonable for a project like Gentoo to go for, but the policy could be stated in a much better way.
For example: thou shalt only contribute code that is unencumbered by copyright issues, contributions must be of a high quality and repeated attempts to submit poor quality contributions may result in new contributions not being reviewed/accepted. As for the ethical concerns, they could just take a position by buying infrastructure from companies that align with their ethics, or not accepting corporate donations (time or money) from companies that they disagree with.
Or because this is a policy by and for human adults who all understand what we're talking about you just don't accept contributions from anyone obviously rule-lawyering in bad faith.
This isn't a court system, anyone intentionally trying to test the boundaries probably isn't someone you want to bother with in the first place.
This policy being so specific in what it bans means that you can't enforce it easily against people who are close but technically within the letter of the policy, and you create a grey area and friction for those who are meeting the spirit of the policy in good faith, but technically in violation.
I have friends and colleagues who I trust as good engineers who take different positions on this (letter vs spirit) and I think there are good faith contributions negatively impacted by both sides of this.
Honestly, I was trying to make this point in good faith. The examples I gave were perhaps extreme, but my point is that AI is a moving target. Today it means specifically generative AI done by large models – usually not classification or recommendations, and usually not "small" models, all of which have been normalised. LLMs are becoming normalised, and policy needs to be able to keep up with the shifting technological landscape.
Defining policy on the outcomes, rather than the inputs, makes it more resilient and ultimately more effective. Defining policy on the inputs is easy to dismantle.
Perhaps the most telling portion of their decision is:
The first non-title sentence is the most notable to consider, with the rest providing reasoning difficult to refute.There are a number of other issues such the ethical and environmental ones. However, this one in isolation...
I'm struggling to understand this particular angle.Humans are capable of generating extremely poor code. Improperly supervised LLMs are capable of generating extremely poor code.
How is this is an LLM-specific problem?
I believe part of (or perhaps the entire) the argument here is that LLMs certainly enable more unqualified contributors to generate larger quantities of low-quality code than they would have been able to otherwise. Which... is true.
But still I'm not sure that LLMs are the problem here? Nobody should be submitting unexpected, large, hard-to-review quantities of code in the first place, LLM-aided or otherwise. It seems to me that LLMs are, at worst, exposing an existing flaw in the governance process of certain projects?
I've been using AI to contribute to LLVM, which has a liberal policy.
The code is of terrible quality and I am at 100+ comments on my latest PR.
That being said, my latest PR is my second-ever to LLVM and is an entire linter check. I am learning far more about compilers at a much faster pace than if I took the "normal route" of tiny bugfixes.
I also try to do review passes on my own code before asking for code review to show I care about quality.
LLMs increase review burden a ton but I would say it can be a fair tradeoff, because I'm learning quicker and can contribute at a level I otherwise couldn't. I feel like I will become a net-positive to the project much earlier than I otherwise would have.
edit: the PR in question. Unfortunately I've been on vacation and haven't touched it recently.
https://github.com/llvm/llvm-project/pull/146970
It's a community's decision whether to accept this tradeoff & I won't submit AI generated code if your project refuses it. I also believe that we can mitigate this tradeoff with strong social norms that a developer is responsible for understanding and explaining their AI-generated code.
How deliciously entitled of you to decide that making other people try to catch ten tons of bullshit because you’re “learning quicker and can contribute at a level you otherwise couldn’t” is a tradeoff you’re happy to accept
If unrepentant garbage that you make others mop up at risk of their own projects’ integrity is the level you aspire to, please stop coding forever.
Go look at the PR man, it's pretty clear that he hasn't just dumped out LLM garbage and has put serious effort and understanding into the problem he's trying to solve.
It seems a little mean to tell him to stop coding forever when his intentions and efforts seem pretty positive for the health of the project.
One of resolved conversation contains a comment "you should warn about incorrect configuration in constructor, look how it is done in some-other-part-of-code."
This means that he did not put serious effort into understanding what, when and why others do in a highly structured project like LLVM. He "wrote" the code and then dumped "written" code into community to catch mistakes.
Have you ever contributed to a very large project like LLVM? I would say clearly not from the comment.
There are pitfalls everywhere. It’s not so small that you can get everything in your head with only a reading. You need to actually engage with the code via contributions to understand it. 100+ comments is not an exceptional amount for early contributions.
Anyway, LLVM is so complex I doubt you can actually vibcode anything valuable so there are probably a lot of actual work in the contribution.
There is a reason the community didn’t send them packing. Onboarding new comer is hard but it pays off.
So, after reading code, one should write down what made him amazed and find out why it is so - whether it is a custom of a project or a peculiarity of code just read.
I actually have such a list for my work. Do you?
No, it is not. Dozens of comments on a PR is an exceptional amount. Early contributions should be small so that one can learn typical customs and mistakes for self review before attempting a big code change.That PR we discuss here contains a maintainer's requirement to remove excessive commenting - PR's author definitely did not do a codebase style matching cleanup job on his code before submission.
That is normal for a new contributor. You can't reasonably expect knowledge of all the conventions of the project. There has to be effort to produce something good and not overload the maintainers, I agree, but missing such a detail is not a sign that is not happening here.
Every hobby at some point turns into an exclusive, invitation-only club in order to maintain the quality of each individual's contribution, but then old members start to literally die and they're left wondering why the hobby died too. I feel like most people don't understand that any organization that wants to grow needs to sacrifice quality in order to attract new members.
I didn't make a decision on the tradeoff, the LLVM community did. I also disclosed it in the PR. I also try to mitigate the code review burden by doing as much review as possible on my end & flagging what I don't understand.
If your project has a policy against AI usage I won't submit AI-generated code because I respect your decision.
> I didn't make a decision on the tradeoff, the LLVM community did. I also disclosed it in the PR.
That's not what the GP mean. Just because a community doesn't disallow something doesn't mean it's the right thing to do.
> I also try to mitigate the code review burden by doing as much review as possible on my end
That's great but...
> & flagging what I don't understand.
It's absurd to me that people should commit code they don't understand. That is the problem. Just because you are allowed to commit AI-generated/assisted code does not mean that you should commit code that you don't understand.
The overhead to others of committing code that you don't understand then ask someone to review is a lot higher than asking someone for directions first so you can understand the problem and code you write.
> If your project has a policy against AI usage I won't submit AI-generated code because I respect your decision.
That's just not the point.
> It's absurd to me that people should commit code they don't understand
The industrywide tsunami of tech debt arising from AI detritus[1] will be interesting to watch. Tech leadership is currently drunk on improved productivity metrics (via lines of code or number of PRs), but I bet velocity will slow down, and products be more brittle due to extraneous AI-generated, with a lag, so it won't be immediately apparent. Only teams with rigorous reviews will fare well in the long term, but may be punished in the short term for "not being as productive" as others.
1. From personal observation: when I'm in a hurry, I accept code that does more than is necessary to meet the requirements, or is merely not succinct. Where as pre-AI, less code would be merged with a "TBD" tacked on
I agree with this. The reason I wrote the PR is because AI keeps using `int` in my codebase when our coding guidelines suggest `size_t`, `uint32_t`, or something else modern.
Where did you disclose it?
Only after getting reviews so it is hidden by default: https://github.com/llvm/llvm-project/pull/146970#issuecommen...
Disclosing that you used AI three days after making the PR, after 4 people had already commented on your code, doesn't sit right with me. That's the kind of thing that should be disclosed in the original PR message. Especially so if you are not confident in the generated code
Sounds like a junior vibe coder with no understanding of software development trying to boost their CV. Or at least I hope that’s the case.
I graduated literally 3 months ago so that's my skill level.
I also have no idea what the social norms are for AI. I posted the comment after a friend on Discord said I should disclose my use of AI.
The underlying purpose of the PR is ironically because Cline and Copilot keep trying to use `int` when modern C++ coding standards suggest `size_t` (or something similar).
Your final sentence moved me. Moved to flagging the post, that is.
That's no different to on boarding any new contributor. I cringe at the code I put out when I was 18.
On top of all that every open source project has a gray hair problem.
Telling people excited about a new tech to never contribute makes sure that all projects turn into templeOS when the lead maintainer moves on.
Unrelated to my other point, I absolutely get wanting to lower barriers, but let’s not forget that templeOS was the religious vanity project of someone who could have had a lot to teach us if not for mental health issues that were extant early enough in the roots of the project as to poison the well of knowledge to be found there. And he didn’t just “move on,” he died.
While I legitimately do find templeOS to be a fascinating project, I don’t think there was anything to learn from it at a computer science level other than “oh look, an opinionated 64-bit operating environment that feels like classical computing and had a couple novel ideas”
I respect that instances like it are demonstrably few and far between, but don’t entertain its legacy far beyond that.
> While I legitimately do find templeOS to be a fascinating project, I don’t think there was anything to learn from it at a computer science level other than “oh look, an opinionated 64-bit operating environment that feels like classical computing and had a couple novel ideas”
I disagree, actually.
I think that his approach has a lot to teach aspiring architects of impossibly large and complex systems, such as "create a suitable language for your use-case if one does not exist. It need not be a whole new language, just a variation of an existing one that smooths out all the rough edges specific to your complex software".
His approach demonstrated very large gains in an unusually complicated product. I can point to projects written in modern languages that come nowhere close to being as high-velocity as his, because his approach was fine-tuned to the use-case of "high-velocity while including only the bare necessities of safety."
Onboarding a new contributor implies you’re investing time into someone you’re confident will pay off over the long run as an asset to the project. Reviewing LLM slop doesn’t grant any of that; you’re just plugging thumbs into cracks in the glass until the slop-generating contributor gets bored, or feels like they got what they wanted, and moves on to another project.
I accept that some projects allow this, and if they invite it, I guess I can’t say anything other than “good luck.” But to me it feels like long odds that any one contributor who starts out eager to make others wade through enough code to generate that many comments, purely as a one-sided learning exercise, will stay invested in the project to the point where I’d feel glad to have invested in this particular pedagogy.
>Onboarding a new contributor implies you’re investing time into someone you’re confident will pay off over the long run as an asset to the project.
No you don't. And if you're that entitled to people's time you will simply get no new contributors.
I’ll grant you that, but at least a new contributor who actually writes the code they contribute has offered some level of reciprocity with respect to the time it takes to review their contributions.
Trying to understand a problem and taking some time to work out a solution proves that you’re actually trying to learn and be helpful, even if you’re green. Using a LLM to generate a nearly-thousand-line PR and yeeting it at the maintainers with a note that says “I don’t really know what this does” feels less hopeful.
I feel like a better use of an LLM would be to use it for guidance on where to look when trying to see how pieces fit together, or maybe get some understanding of what something is doing, and then by one’s own efforts actually construct the solution. Then, even if one only has a partial implementation, it would feel much more reasonable to open a WIP PR and say “is this on the right track?”
I think the project and reviewers are both perfectly capable of making their own decisions about the best use of their own time. No need to act like a dick to someone willing to own up to their own behavior.
Well, some people just operate under the "some of you may die, but it's a sacrifice I am willing to make" principle...
IMO that is not your call to make; it is the reviewers' call. It is the reviewers' resources you are spending to learn more quickly. You are consuming a “free” resource for personal gain because you feel that it is justified in your particular case. It would likely not scale, and would grind many projects to a halt, at least temporarily, if done widely.
The decision is made by LLVM: https://llvm.org/docs/FAQ.html#id4
I would interpret this as similar to being able to take paper napkins or straws at a restaurant. You may be welcome to take napkins, but if you go around taking all the napkins from every dispenser you'll likely be kicked out and possibly they'll start keeping the napkins behind the counter in the future. Similarly if people start treating "you can contribute AI code to LLVM" as "feel free to submit nonsense you don't understand", I would not be surprised to see LLVM change its stance on the matter.
> I've been using AI to contribute to LLVM, which has a liberal policy.
This is a different decision made by the LLVM project than the one made by Gentoo, which is neither right nor wrong IMHO.
> The code is of terrible quality and I am at 100+ comments on my latest PR.
This may be part of the justification of the published Gentoo policy. I am not a maintainer of same so cannot say for certain. I can say it is implied within their policy:
> LLMs increase review burden a ton ...
Hence the Gentoo policy.
> ... but I would say it can be a fair tradeoff, because I'm learning quicker and can contribute at a level I otherwise couldn't.
I get it. I really do.
I would also ask: of the changes reviewers have requested, what percentage are due to LLM-generated code? If more than zero, does this corroborate the Gentoo policy position quoted above, if "erroneous" or "invalid" were the adjective used instead of "meaningless"?
I'm a bit later in my career and I've been involved with modern machine learning for a long time, which probably affects my views on this, but I can definitely relate to aspects of it.
I think there are a couple of good signals in what you've said, but also some stuff (at least by implication/phrasing) that I would be mindful of.
The reason why I think your head is fundamentally in a good place is that you seem to be shooting for an outcome where already high effort stays high, and with the assistance of the tools your ambition can increase. That's very much my aspiration with it, and I think that's been the play for motivated hackers forever: become as capable as possible as quickly as possible by using every effort and resource. Certainly in my lifetime I've seen things like widely distributed source code in the 90s, Google a little later, StackOverflow indexed by Google, the mega-grep when I did the FAANG thing, and now the language models. They're all related (and I think less impressive/concerning to people who remember pre-SEO Google, that was up there with any LLM on "magic box with reasonable code").
But we all have to self-police on this because with any source of code we don't understand, the abstraction almost always leaks, and it's a slippery slope: you get a little tired or busy or lazy, it slips a bit, next thing you know the diff or project or system is jeopardized, and you're throwing long shots that compound.
I'm sure the reviewers can make their own call about whether you're making a sincere effort or have slipped into the low-integrity zone (LLVM people are serious people). Just be mindful that if you want the most out of it, and want to be welcome on projects and teams generally, you have to keep the gap between ability and scope within a band: pushing hard enough to need the tools and reviewers generous with their time is good, it's how you improve; but go too far and everyone loses, because you stop learning and they could have prompted the bot themselves.
This is exciting. Thanks for raising the point. I've posted https://discourse.llvm.org/t/our-ai-policy-vs-code-of-conduc... to see what other people think of this. Thank you for your commit, and especially for not mentioning that it's AI generated code that you don't understand in the review, as it makes my point rather more forcefully than otherwise.
graceful...
> and especially for not mentioning that it's AI generated code
https://github.com/llvm/llvm-project/pull/146970#issuecommen...
irony really is dead
Thanks for digging that out; it was hidden by GitHub's folding of the long comment thread.
Ahhahaha what the fuck. This is what software development has become? Using an LLM to generate code that not only do you not understand, but most likely isn’t even correct, and then shoehorn the responsibility of ensuring it doesn’t break anything onto the reviewer? lol wow
As a former LLVM developer and reviewer, I want to say:
1. Good for you.
2. Ignore the haters in the comments.
> my latest PR is my second-ever to LLVM and is an entire linter check.
That is so awesome.
> The code is of terrible quality and I am at 100+ comments on my latest PR.
The LLVM reviewers are big kids. They know how to ignore a PR if they don't want to review it. Don't feel bad about wasting people's time. They'll let you know.
You might be surprised how many PRs even pre-LLMs had 100+ comments. There's a lot to learn. You clearly want to learn, so you'll get there and will soon be offering a net-positive contribution to this community (or the next one you join), if you aren't already.
Best of luck on your journey.
Thanks. I graduated 3 months ago and this has been a huge help.
> They know how to ignore a PR if they don't want to review it
How well does that scale as the number of such contributions increases and the triage process itself becomes a sizable effort?
LLMs can inadvertently create a sort of DDoS even with the best intentions, and mitigating it costs something.
Wait and see, then change the policy based on what actually happens.
I sort of doubt that all of a sudden there's going to be tons of people wanting to make complex AI contributions to LLVM, but if there are just ban them at that point.
It has happened to curl.
LLMs trained on open source make the common mistakes that humans make.
> make.
No, made. Which is a very important difference.
How is it telling at all?
It’s just what every other tech bro on here wants to believe, that using LLM code is somehow less pure than using free-range-organic human written code.
Tech bros want the exact opposite, so that they can sell their AI crap and replace human developers with AI bots.
Every time I encounter these kinds of policies, I can't help but wonder how they would be enforced. The people who are considerate enough to abide by them are the ones who would have "cared" about code quality and such anyway, so the policy is a moot point for them. OTOH, the people who recklessly spam "contributions" generated from LLMs are, by their very nature, very unlikely to respect these policies. For me it's like telling bullies not to bully.
By the way, I'm in no way against these kinds of policies: I've seen what happened to curl, and I think it's fully within their rights to outright ban any usage of LLMs. I'm just concerned about the enforceability of these policies.
If nothing else, it gives maintainers a sign to point to when closing PRs with prejudice, and that's not nothing. Bad faith contributors will still likely complain when their PRs are closed, and having an obviously applicable policy to cite makes it harder for them to keep complaining without getting banned outright.
I think it's a discouragement more than an enforcement --- a "we will know if you submit AI-generated code, so don't bother trying." Maybe those who do know how to use LLMs really well can submit code that they fully understand and can explain the reasoning of, in which case the point is moot.
You just stop accepting contributions from them?
There is nothing inherently different about these policies that makes them more or less difficult to enforce than other kinds of policies.
> I can't help but wonder how these policies would be enforced
One of the parties that decided on Gentoo's policy effectively said the same thing. If I get what you're really asking: the reality is that there's no way for them to know whether an LLM tool was used internally; it's an honor system. But enforcement is just banning the contributor if they become a problem. They've banned or otherwise restricted others for being disruptive or spamming low-quality contributions in the past.
It's worded the way it is because most of the parties understand this isn't going away and might get revisited eventually. At least one of them hardline opposes LLM contributions in any form and probably won't change their mind.
I see. So if I'm understanding correctly, then this policy serves as a kind of "legal ground" from which the maintainers can take action against perpetrators, right?
To add a bit more context, when I was writing the original comment, I was mainly thinking of first-time contributors that don't have any track records, and how the policy would work against them.
If someone uses an LLM to help them write good code that is indistinguishable from human written code, you are right, it's not enforceable. And that's what most people that are using LLMs should be doing. Unfortunately sometimes it is possible to tell the difference between human and LLM generated code (slop). Policies like this just make it clear and easy to outright reject them.
We do tell bullies not to bully, and then hopefully when they are caught, they are punished. It’s not a perfect system, but better than just ignoring that bullying happens.
What happened to curl? The comment is referring to how the curl project is being overwhelmed by low-quality bug/vulnerability reports generated (or partially generated) by AI (“AI slop”), so much so that curl maintainers are now banning reporters who submit such reports and demanding disclosure, because these sloppy reports cost a lot of time and drain the team.
[generated by ChatGPT] Source: https://news.ycombinator.com/item?id=45217858
It's often quite easy to identify LLM-generated low-effort slop, and it's far easier to point to an established policy than to explain why the PR is complete garbage. On GitHub it's even easier to detect by inspecting the author's contribution history (and if that's private, it's an automatic red flag).
Of course, if someone has used LLM during development as a helper tool and done the necessary work of properly reviewing and fixing the generated code, then it can be borderline impossible to detect, but such PRs are much less problematic.
You cannot prevent cheating with other policies like the Developer Certificate of Origin either. Yet no one brought up the potential cheating at the time these policies were discussed.
Several projects have rejected "AI" policies using your argument even though those projects themselves have contributor agreements or similar.
This inconsistency makes it likely that the cheating argument, when only used for "AI" contributions, is a pretext and these projects are forced to use or promote "AI" for a number of reasons.
https://xkcd.com/810/
To me the point is that I want to see effort from a person asking me to review their PR. If it's obvious LLM generated bullshit, I outright ignore it. If they put in the time and effort to mold the LLM output so that it's high quality and they actually understand what they're putting in the PR (meaning they probably replace 99% of the output), then good, that's the point
This might get me in trouble, but with all the negativity I’m seeing here I’ve got to ask.
Why do you care? Their sandbox their rules, and if you care because you want to contribute you’re still free to do so. Unless you’re an LLM I guess, but the rest of us should have no problem.
The negativity just seems overblown. More power to them, and if this was a bad call they’ll revisit it.
> and if this was a bad call they’ll revisit it.
how would they know? - this is (one of) the ways for people to let them know
Let's stop bullshitting, nobody here is going to contribute to Gentoo and is now put off because of this policy change.
What we're looking at is mostly JavaScript monkeys who feel personally offended because they're unable to differentiate criticism of their tools from criticism of their own personal character.
The outrage is purely theoretical.
As a JavaScript monkey I believe you have a point, and this was the core of my original question.
How many contributors to gentoo are upset by this? Probably none.
How many potential contributors to gentoo are upset by this? Maybe dozens?
I'll be amazed if this has any notable negative outcomes for Gentoo and their contributions.
It isn't though. This is just noise. It's a good conversation thread for HN, but it has absolutely zero influence on Gentoo policy.
The only way it'll be revisited is if active Gentoo developers and/or contributors really start to push with a justification to get it changed and they agree to revisit discussing it again. I can tell you every maintainer has heard the line: 'I would have contributed if you did X thing'.
Not speaking for everyone but to me the problem is the normalization of bad behavior.
Some people in this thread are already interpreting policies that allow contributions of AI-generated code as meaning it's OK not to understand the code they write, and that they can offload that work onto the reviewers.
If you have ever had to review code that an author doesn't understand or written code that you don't understand for others to review, you should know how bad it is even without an LLM.
> Why do you care? Their sandbox their rules...
* What if it's a piece of software or dependency that I use and support? That affects me.
* What if I have to work with these people in these communities? That affects me.
* What if I happen to have to mentor new software engineers who were conditioned to think that bad practices are OK? That affects me.
Things are usually less sandboxed than you think.
>Why do you care? Their sandbox their rules, and if you care because you want to contribute you’re still free to do so. Unless you’re an LLM I guess, but the rest of us should have no problem.
Exactly this. It's their decision to make; their consequences as well.
Then again, I would have bet $1000 that Gentoo disappeared 15 years ago. Probably around 2009? I legitimately haven't even heard about them in at least that long.
So rejecting contributions from whoever might even still be around seems like a bad decision.
I like the idea of Gentoo, and I've considered switching back to it. I won't now, as I don't see a future for it if this is the attitude they take towards new technologies.
This seems like the kind of thing you'd want from a distro. Would you be happy if your doctor just started giving you new drugs because they're "new technology"? Or would you prefer it to go through rigorous rounds of testing and evaluation to figure out the potential problems?
I certainly hope my medical team is using AI tools, as they have been repeatedly demonstrated to be more accurate than doctors.
Only downside is my last psychiatrist dropped me as a patient when he left his practice to start an AI company providing regulatory compliance for, essentially, Dr. ChatGPT.
> I certainly hope my medical team is using AI tools, as they have been repeatedly demonstrated to be more accurate than doctors.
AI is not a new tool - transformer-based LLMs are. Which is what this post is about.
The latter are well known to be a LOT LESS accurate, and still very prone to hallucinate. This is just a fact. For your health, I hope no one on your medical team is using the current generation for anything other than casual questions.
I'm not an opponent, and I don't think straight up banning LLM-generated code commits is the right thing, but I can understand their stance.
This is on-brand.
There was a time when I used Gentoo, and I may again one day, but for the past N years I haven’t had time to compile everything from source. Compiling from source also gives a false sense of security, since you still don’t know what’s been compromised (it could be the compiler, etc.), and few have the time or expertise to adequately review all of the code.
It can be a waste of energy and time to compile everything from source for standard hardware.
But, when I’m retired, maybe I’ll use it again just for the heck of it. And I’m glad that Gentoo exists.
At least when I used Gentoo, the point of compiling from source was more about customization than security. I remember having to set so many different options. It was quite granular. Now I just compile certain things from scratch and modify them as needed rather than having an entire system like Gentoo do that, but I do see the appeal to some people.
This is exactly why I use it where I use it - on my servers. I don’t need to compile X or X support for programs that could have it, because they’re headless.
Nix is another route as far as a compile-from-source package manager with lots of options on many packages.
I feel like most Gentoo folks probably moved over to Nix/NixOS.
The security argument for recompiling from source is addressed by the input-addressed package cache. The customization aspect is mostly covered by Nix package overrides and overlays. You can also set up your own package cache.
I haven't. The Nix language makes no sense to me, and there is still nothing akin to USE flags. I don't want to override a bunch of packages just to make my system not pull in (e.g.) UI libraries.
Granted, I wasn’t into Arch at the time, but in the mid-aughts, Gentoo’s forums were a massively useful resource for Linux knowledge in general. That’s why I used it, anyway. The joy of getting an obscure sound card (Chaintech AV-710) to work in Linux, and sharing that knowledge with others, was enough.
I use it on some systems powerful enough that most emerges hardly take much longer than a binary package install. It's pretty nice there.
To be fair, none of their three objections is exclusive to AI; each can be leveled against human contributions as well.
Any contributor, whether using AI openly or covertly, should be judged by the earned merit of their contribution history.
Yes, I know there are still holdouts who really do not use AI, but that number is shrinking rapidly. A no-AI policy, when strictly enforced (how?), would probably just lead to project EOL.
I wonder how they would enforce it. If they let a pure LLM commit into their codebase and a lot of other commits came to depend on it, would they remove it and try to submit a replacement, or just let it be?
Does this apply to upstream packages distributed by Gentoo too? Or just to things for which the Gentoo project is itself the upstream, like emerge?
I would say the question is, do you iterate on the output or not?
My perspective is that this criticism is only valid for “single-shot in spirit” / “prompt and forget” LLM powered contributions.
That ignores two out of the three reasons they gave for this decision
Maybe we’ll see a (new) distro with AI assisted maintainers. That would be an interesting experiment.
Unfortunately one caveat would be it will be difficult to separate the maintainers from the financial incentives, so it won’t be a fair comparison. (e.g. the labs funding full time maintainers with salaries and donations that other distros can only dream of)
It is interesting that so many people are upset about this policy. If "AI" actually worked, you could plagiarize the whole of Gentoo in one hour.
But no, you always have to infiltrate and harass existing projects, because without the actual human developers your poor "AI" "contributions" are nothing.
There are reasonable ethical concerns one may have with AI (around data center impacts on communities, and the labor used to SFT and RLHF them), but these aren't:
> Commercial AI projects are frequently indulging in blatant copyright violations to train their models.
I thought we (FOSS) were anti copyright?
> Their operations are causing concerns about the huge use of energy and water.
This is massively overblown. If they'd specifically said that their concerns were around the concentrated impact of energy and water usage on specific communities, fine, but then you'd have to have ethical concerns about a lot of other tech including video streaming; but the overall energy and water usage of AI contributed to by the actual individual use of AI to, for instance, generate a PR, is completely negligible on the scale of tech products.
> The advertising and use of AI models has caused a significant harm to employees and reduction of service quality.
Is this talking about automation? You know what else automated employees and can often reduce service quality? Software.
> LLMs have been empowering all kinds of spam and scam efforts.
So did email.
> I thought we (FOSS) were anti copyright?
For Free Software, copyright creates the ability to use licenses (like the GPL) to ensure source code availability.
I get why water use is the sort of nonsense that spreads around mainstream social media, but it baffles me how a whole council of nerds would pass a vote on a policy that includes that line.
To be completely fair, AI really does use more water than other typical compute tasks, because AI takes A LOT of compute.
No, it's not like email, or a web server. I can run an email server or apache on my rinky dink computer and get hundreds of requests per second.
I can't run chatgpt, that requires a super computer. And of the stuff I can run, like deepseek, I'm getting very few tokens/s. Not requests! Tokens!
Yes, inference has an energy cost that is significantly more than other compute tasks.
Because it is ideologically motivated.
Being ideologically motivated is not necessarily bad (understanding ideology as a worldview associated with a set of values and priorities). FOSS as a whole is deeply ideologically motivated from its origins. The issue is that there seems to have been a change in the nature of the ideology, leading to some amount of conflict between the older and newer guard.
What change do you mean between older and newer guard?
That's not something that fits in a comment. The point is, ideology as such, is not something new in this space.
Gentoo should be able to be ideological without being stupid.
>> Commercial AI projects are frequently indulging in blatant copyright violations to train their models.
> I thought we (FOSS) were anti copyright?
Absolutely not! Every major FOSS license has copyright as its enforcement method -- "if you don't do X (share code with customers, etc depending on license) you lose the right to copy the code"
>> Commercial AI projects are frequently indulging in blatant copyright violations to train their models.
> I thought we (FOSS) were anti copyright?
No free and open source software (FOSS) distribution model is "anti-copyright." Quite to the contrary, FOSS licenses are well defined[0] and either address copyright directly or rely on copyright being retained by the original author.
0 - https://opensource.org/licenses
Some of the ideas behind the GPL could be anti-copyright, insofar as the concept they’d love to see is software being uncopyrightable.
for further reading:
https://www.gnu.org/philosophy/copyright-versus-community.en...
>I thought we (FOSS) were anti copyright?
FOSS still has to exist within the rules of the system the planet operates under. You can't just say "I downloaded that movie, but I'm a Linux user so I don't believe in copyright" and get away with it
>the overall energy and water usage of AI contributed to by the actual individual use of AI to, for instance, generate a PR, is completely negligible on the scale of tech products.
[citation needed]
>Is this talking about automation? You know what else automated employees and can often reduce service quality? Software.
Disingenuous strawman. Tech CEO's and the like have been exuberant at the idea that "AI" will replace human labor. The entire end-goal of companies like OpenAI is to create a "super-intelligence" that will then generate a return. By definition the AI would be performing labor (services) for capital, outcompeting humans to do so. Unless OpenAI wants it to just hack every bank account on Earth and transfer it all to them instead? Or something equally farcical
>So did email.
"We should improve society somewhat"
"Ah, but you participate in society! Curious!"
> the overall energy and water usage of AI contributed to by the actual individual use of AI to, for instance, generate a PR, is completely negligible on the scale of tech products.
10 GPT prompts take the same energy as a wifi router operating for 30 minutes.
If Gentoo were so concerned for the environment, they would get more mileage from forbidding PRs from people who took a 10 hour flight. These flights, per person, emit as much carbon as a million prompts.
Dated 2024-04-14 and features nothing special.
Interestingly --- while I doubt it would make a difference to the decision Gentoo in particular would make --- the cost/benefit of LLMs for coding changed sharply just a month or two after this, when the first iteration of foundation models tuned for effective agents came out. People forget that effective coding agents are just a couple minutes old; the first research preview release of Claude Code was this past February.
> the cost/benefit of LLMs for coding changed sharply just a month or two after this
People say this every month.
Do they? I'm referring to something specific. While I happen to think LLM coding agents are pretty great, my point didn't depend on you thinking that, only on a recognition of the fact that the capabilities of these systems sharply changed very shortly after they published this --- in a very specific, noticeable way.
Marketing people say this every month, but that doesn't mean there haven't also been actual step-changes in AI-assisted coding in the last year.
The policy is dated to 2024-04-14. After they approved this, there were all of these releases that were all pretty dramatic advancements for coding: 3.5 Sonnet (for taste + agentic coding), o1-preview (for reasoning), Claude Code (for developer experience), o3 (for debugging), Claude 4 Opus (for reliability), and now GPT-5 Pro (for code review).
We have advanced from AI that can unreliably help you look up documentation for tools like matplotlib, to AI tools that can write and review large complex programs in the last year alone. Sure, these tools still have a lot of deficiencies. But that doesn't negate the fact that the change in AI for coding in the last year has been dramatic.
Important point. A lot has changed in coding AIs since then.
Humans are important - but I have to wonder how any of this will be enforced?
> Their operations are causing concerns about the huge use of energy and water.
I’d be curious how much energy gentoo consumes versus a binary distro.
> Ethical concerns. The business side of AI boom is creating serious ethical concerns. Among them: Commercial AI projects are frequently indulging in blatant copyright violations to train their models. Their operations are causing concerns about the huge use of energy and water. The advertising and use of AI models has caused a significant harm to employees and reduction of service quality. LLMs have been empowering all kinds of spam and scam efforts.
Highly disingenuous. First, AI being trained on copyrighted data is considered fair use because it transforms the underlying data rather than distribute it as is. Though I have to agree that this is the relatively strongest ethical claim against using AI, it stands weak when looked at as a whole.
The fact that they mentioned "energy and water use" should tell you that they are really looking for reasons to disparage AI. AI doesn't use any more water or energy than any other tool. An hour of Netflix uses the same energy as more than 100 GPT questions. A single 10 hour flight (per person*) emits as much as around 100k GPT prompts. It is strange that one would repeat the same nonsense about AI unless the primary motive is ideological.
"The advertising and use of AI models has caused a significant harm to employees and reduction of service quality." this is just a shoddy opinion at this point.
To be clear - I understand why they might ban AI for code submissions. It reduces the barrier significantly and increases the noise. But the reasoning is motivated from a wrong place.
> AI being trained on copyrighted data is considered fair use because it transforms the underlying data rather than distribute it as is.
It's not a binary. Sometimes it fully reproduces works in violation of copyright, and other times it modifies them just enough to avoid claims against its output. Using AI and just _assuming_ it would never lead you to a copyright violation is foolish.
> uses the same energy as more than 100 GPT questions.
Are you including training costs or just query costs?
> But the reasoning is motivated from a wrong place.
That does not matter. What matters is if the outcome is improved in the way they predict. This is actually measurable.
>That does not matter. What matters is if the outcome is improved in the way they predict. This is actually measurable.
OK, let's discuss facts.
>It's not a binary. Sometimes it fully reproduces works in violation of copyright, and other times it modifies them just enough to avoid claims against its output. Using AI and just _assuming_ it would never lead you to a copyright violation is foolish.
In the Anthropic case the judge ruled that AI training is transformative. It is not binary, as you said, but I'm criticising what reads as binary in the original policy. When the court ruling itself has shown that it is not a violation of copyright, it is reasonable to criticise the policy now, although I acknowledge the post was written before the ruling.
>Are you including training costs or just query costs?
The training costs are very, very small per query because they are amortised over all the queries. I think training accounts for around 0.001% to 0.1% of each query's cost, depending on how many training runs are done over a year.
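To spell out the amortisation arithmetic behind that estimate (a sketch of the reasoning only, with no claim about actual energy figures): if a model's one-time training energy is $E_{\text{train}}$, it serves $N$ queries over its deployed lifetime, and each query costs $E_{\text{infer}}$ at inference time, then

$$\text{per-query training share} = \frac{E_{\text{train}}}{N}, \qquad \text{training fraction of a query} = \frac{E_{\text{train}}/N}{E_{\text{train}}/N + E_{\text{infer}}}.$$

The 0.001% to 0.1% range above corresponds to assuming $E_{\text{train}}/N$ is roughly three to five orders of magnitude smaller than $E_{\text{infer}}$.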
On copyright, it's worth noting that Gentoo has a substantial user base outside the USA (maybe primarily - see [0]), for whom the Anthropic judgment you mention probably doesn't mean much.
[0] https://trends.builtwith.com/Server/Gentoo-Linux
Fair point but I would think EU would be all up on this. This is right up their alley and clearly an easy way to justify more regulations and slow down AI. Why hasn’t anything come out of it?
The idea that models are transformative is debatable. Works with copyright are the thing that imbues the model with value. If that statement isn’t true, then they can just exclude those works and nothing is lost, right?
Also, half the problem isn’t distribution, it’s how those works were acquired. Even if you suppose models are transformative, you can’t just download stuff from piratebay. Buy copies, scan them, rip them, etc.
It’s super not cool that billion dollar vc companies can just do that.
> In Monday's order, Senior U.S. District Judge William Alsup supported Anthropic's argument, stating the company's use of books by the plaintiffs to train their AI model was acceptable.
"The training use was a fair use," he wrote. "The use of the books at issue to train Claude and its precursors was exceedingly transformative."
I agree it is debatable, but it is not so clear-cut that it is _not_ transformative when a judge has ruled that it is.
> The idea that models are transformative is debatable. Works with copyright are the thing that imbues the model with value. If that statement isn’t true, then they can just exclude those works and nothing is lost, right?
I don't follow.
For one, all works have a copyright status I believe (under US jurisdiction; this of course differs per jurisdiction, although there are international IP laws), some are just extremely permissive. Models rely on a wide range of works, some with permissive, some with restrictive licensing. I'd imagine Wikipedia and StackOverflow are pretty important resources for these models for example, and both are licensed under CC BY-SA 4.0, a permissive license.
Second, setting aside that the claim is thus false, dropping restrictively copyrighted works would of course make a dent, I'm pretty sure, although how much I'm not sure. I don't see why this would be a surprise: restrictively licensed works do contribute value, but not all of the value. So their removal would take away some of the value, but not all of it. It's not binary.
And finally, I'm not sure these aspects solely or even primarily determine whether these models are legally transformative. But then I'm also not a lawyer, and the law is a moving target, so what do I know. I'd imagine it's less legal transformativeness and more colloquial transformativeness you're concerned about anyhow, but then these are not necessarily the best aspects to interrogate either.
> AI doesn't use any more water or energy than any other tool. An hour of Netflix uses the same energy as more than 100 GPT questions. A single 10 hour flight (per person*) emits as much as around 100k GPT prompts. It is strange that one would repeat the same nonsense about AI unless the primary motive is ideological.
We should stop doing those things too. I'm still surprised that so many people are flying.
I agree but the magnitudes are important. I don’t want to give up a few prompts per day because of climate. That is stupid.
I don't get this idea. Transformative works don't automatically equal fair use - copyright covers all kinds of transformative works.
That's quite a strawman definition of "copyright infringement" especially given the ongoing Anthropic lawsuit
It's not a question of whether feeding all the world's books into a blender and eating the resulting slurry paste is copyright infringement. It's that they stole the books in the first place by getting them from piracy websites.
If they'd purchased every book ever written, scanned them in and fed that into the model? That would be perfectly legal
That’s what happened; the initial piracy was an issue, but those models were never released, and the models that were released were trained on copyrighted works they purchased.
That's not true, or they wouldn't have settled for $1.5 billion specifically for training on pirated material.
https://apnews.com/article/anthropic-copyright-authors-settl...
> Highly disingenuous. First, AI being trained on copyrighted data is considered fair use because it transforms the underlying data rather than distribute it as is.
Your legal argument aside, they downloaded torrents and trained their AI on them. You can't get much more blatant than that.
Yes, but that was one company, and it is not core to their infra or product. So I don't know how one can characterize AI as fundamentally unethical because one company pirated some books.
Posted April 2024. I wonder how they feel about this now. Or will next year. Claude Code wouldn’t exist for another year when this was posted. Nevermind Codex. It’s already awkward. Within 12 months it will be cringeworthy.
I don't understand this anti-AI stance. Either the code works and is useful, and it should be accepted, or it doesn't work and it should be rejected. Does it really matter who wrote it?
The code is only a projection of someone's mental model, which is what actually allows the project to succeed, especially in the long term.
That's why codebases die when they lose maintainers and forks often don't make it past the first few months.
LLM-generated code might work, but it's not backed by anyone's mental model. And the industry has had a long running term for code which is there but no-one understands it nor the reason behind it: legacy code.
Because the quality of the code matters more than the raw quantity.
Having code that compiles and runs is the bare minimum - we should (and do) hold ourselves to a higher standard of professionalism.
The linked API policy lists specific concerns in 3 categories: copyright, quality, ethical. Which one do you not understand?
LLMs give idiots the power to effectively DDoS repos with useless slop PRs that they have to expend the time and effort to triage and ignore. Like the curl maintainers have said, the review burden of looking at mountains of AI-generated crap is horrifically time consuming.
Putting together and maintaining a GNU/Linux distribution and maintaining it for 23 years requires a bit more than "works for me and is useful".
This is a prime example of poor AI policy. It doesn't define what AI is – is using Google Translate in order to engage on their mailing lists allowed? Is using Intellisense-like tools that we've had for decades allowed? The rationale is also poor, citing concerns that can be applied far more widely than just LLMs. The ethical concerns are pretty hand-wavy; I'm pretty sure email is used to empower spam, and yet I suspect Gentoo have no problem using email.
The end result is not necessarily a bad one, and I think reasonable for a project like Gentoo to go for, but the policy could be stated in a much better way.
For example: thou shalt only contribute code that is unencumbered by copyright issues, contributions must be of a high quality and repeated attempts to submit poor quality contributions may result in new contributions not being reviewed/accepted. As for the ethical concerns, they could just take a position by buying infrastructure from companies that align with their ethics, or not accepting corporate donations (time or money) from companies that they disagree with.
Or because this is a policy by and for human adults who all understand what we're talking about you just don't accept contributions from anyone obviously rule-lawyering in bad faith.
This isn't a court system, anyone intentionally trying to test the boundaries probably isn't someone you want to bother with in the first place.
Because this policy is so specific in what it bans, you can't easily enforce it against people who stay technically within its letter, and you create a grey area and friction for those who meet the spirit of the policy in good faith but are technically in violation.
I have friends and colleagues who I trust as good engineers who take different positions on this (letter vs spirit) and I think there are good faith contributions negatively impacted by both sides of this.
> It doesn't define what AI is
this is a bad faith comment.
The whole argument smacks of bad faith "yet you participate in society" arguments.
Honestly, I meant this in good faith. The examples I gave were perhaps extreme, but my point is that AI is a moving target. Today it means specifically generative AI done by large models – usually not classification or recommendations, and usually not "small" models, all of which have been normalised. LLMs are becoming normalised, and policy needs to be able to keep up with the shifting technological landscape.
Defining policy on the outcomes, rather than the inputs, makes it more resilient and ultimately more effective. Defining policy on the inputs is easy to dismantle.